<?php

namespace App\Http\Middleware;

use Closure;
use DB;

class AccessControlAllowOrigin
{
    /**
     *
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next) {
//        $origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
//        $root = request()->root();
//        if(!$origin || ($origin != $root)){
//            $notexists = DB::table('api_origin')->where('url',$origin)->doesntExist();
//            if($notexists) return out(0,'链接不允许！');
//        }
        $origin = '*';
        header('Access-Control-Allow-Origin: '.$origin);
        header("Access-Control-Allow-Credentials: true");
        header("Access-Control-Allow-Methods: *");
        header("Access-Control-Allow-Headers: Content-Type,Access-Token,Access-Key");
        header("Access-Control-Expose-Headers: *");

        return $next($request);
    }

}